{"id":873,"date":"2022-11-30T10:21:34","date_gmt":"2022-11-30T09:21:34","guid":{"rendered":"https:\/\/scpo-cybersecurityassociation.com\/?p=873"},"modified":"2022-11-30T10:25:55","modified_gmt":"2022-11-30T09:25:55","slug":"cyber-monitoring-5-october-2022","status":"publish","type":"post","link":"https:\/\/scpo-cybersecurityassociation.com\/index.php\/2022\/11\/30\/cyber-monitoring-5-october-2022\/","title":{"rendered":"Cyber Monitoring #5 (October 2022)"},"content":{"rendered":"\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1000\" height=\"300\" src=\"https:\/\/scpo-cybersecurityassociation.com\/wp-content\/uploads\/2022\/11\/unnamed-1.png\" alt=\"\" class=\"wp-image-874\" srcset=\"https:\/\/scpo-cybersecurityassociation.com\/wp-content\/uploads\/2022\/11\/unnamed-1.png 1000w, https:\/\/scpo-cybersecurityassociation.com\/wp-content\/uploads\/2022\/11\/unnamed-1-300x90.png 300w, https:\/\/scpo-cybersecurityassociation.com\/wp-content\/uploads\/2022\/11\/unnamed-1-768x230.png 768w\" sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><\/figure>\n\n\n\n<p><strong>Massive cyberattack targeting Latin American armies<\/strong><br><em>Chile, Mexico, El Salvador, Peru and Colombia<\/em><\/p>\n\n\n\n<p>In late September, the governments of&nbsp;<strong>Chile, Mexico, El Salvador, Peru and Colombia&nbsp;<\/strong>disclosed that they had suffered a&nbsp;<a href=\"https:\/\/sciencespo.us5.list-manage.com\/track\/click?u=2fd462bf43b63ef48b70f41ee&amp;id=7e5e0e88bc&amp;e=288621e338\" target=\"_blank\" rel=\"noreferrer noopener\">massive&nbsp;<strong>cyberattack on their armed forces<\/strong><\/a>. 
The threat actors stole 10 terabytes of data including millions of emails,&nbsp;<strong>confidential information detailing military operations<\/strong>&nbsp;and contracts.<\/p>\n\n\n\n<p>The attack was claimed by a group of&nbsp;<strong>cyber activists, Guacamaya<\/strong>, who&nbsp;<strong>leaked the data to journalists<\/strong>, who have begun to reveal its contents. They&nbsp;<strong>denounce the repressive police and military forces<\/strong>&nbsp;of these countries and&nbsp;<strong>condemn too close a link with the United States<\/strong>. Mexico has been particularly affected by this cyber attack, which is the largest in its history: millions of emails and confidential documents of the army have been made public. Classified information concerning the health of President A.M. Lopez Obrador was also published.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p><strong>A cyber attack paralyzes the French department of Seine-Maritime&nbsp;<\/strong><br><em>France<\/em><\/p>\n\n\n\n<p>The&nbsp;<a href=\"https:\/\/sciencespo.us5.list-manage.com\/track\/click?u=2fd462bf43b63ef48b70f41ee&amp;id=d304fb1fcb&amp;e=288621e338\" target=\"_blank\" rel=\"noreferrer noopener\">department of Seine-Maritime<\/a>&nbsp;was hit by a cyberattack on October 10. The department had to&nbsp;<strong>&#8220;completely&#8221; shut down its networks<\/strong>&nbsp;after a hack affecting a large part of its services, which were and still are operating in &#8220;highly degraded mode&#8221;.&nbsp;<strong>Some online applications are still completely inaccessible<\/strong>. Users report&nbsp;<strong>delays<\/strong>&nbsp;in the processing of their applications for social assistance, and&nbsp;<strong>exceptional methods for the payment of social allowances<\/strong>&nbsp;blocked by the attack have also been implemented. The ANSSI and the CNIL are working with the department to protect the data and restore access to the computer system for users and employees. 
An&nbsp;<strong>investigation<\/strong>&nbsp;was opened by the&nbsp;<strong>cybercrime section of the Paris prosecutor&#8217;s office.<\/strong><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p><strong>A massive health insurance hack occurs in Australia<\/strong><br><em>Australia<\/em><\/p>\n\n\n\n<p>Australia\u2019s health insurance company Medibank, which has 3.7 million consumers, was the victim of a health insurance hack.&nbsp;<strong>200 GB of medical records were stolen and held for ransom<\/strong>.&nbsp;Due to the cyber crime, approximately 223,000 people\u2019s personal health information has been revealed. The information included credit card numbers, medical records, and names.&nbsp;This led to the Australian government imposing stricter regulations regarding personal information data.<\/p>\n\n\n\n<p>The Australian Attorney-General has criticized Australia\u2019s safety measures against cyber attacks as inadequate, as the Medibank hack came after another cyber attack against the telecom company Optus.&nbsp;<strong>Investigations are ongoing<\/strong>&nbsp;by the Australian Cyber Security Agency and the Australian Signals Directorate.&nbsp;<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p><strong>Germany fires the president of its Federal Office for Information Security&nbsp;<\/strong><br><em>Germany<\/em><\/p>\n\n\n\n<p>Germany&nbsp;fired the president of its Federal Office for Information Security, Arne Schoenbohm, after&nbsp;<strong>controversies regarding personal ties to Russian security services<\/strong>. Criticism arose when there were media reports that the Cyber Security Council of Germany, which Schoenbohm co-founded, had members from a German company that is a subsidiary of a Russian&nbsp;cybersecurity&nbsp;firm. The Cyber Security Council of Germany has rejected such claims. 
Schoenbohm himself has denied these allegations as well and said he is no longer active in the Cyber Security Council.<\/p>\n\n\n\n<p>This is in line with accusations Germany made against Russia of&nbsp;<strong>hacking Germany\u2019s rail infrastructure<\/strong>, which caused rail services to be suspended for three hours. It is clear that tensions&nbsp;between the two countries continue to rise.&nbsp;<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p><strong>China-backed disinformation campaign hits the US midterm elections<\/strong><br><em>United States<\/em><\/p>\n\n\n\n<p>A disinformation campaign targeting the US midterm elections has been observed by Mandiant, an American&nbsp;cybersecurity&nbsp;firm. The responsible group, dubbed&nbsp;<strong>DRAGONBRIDGE, is believed to be acting in support of Chinese national interests<\/strong>, with links to the Chinese government and the People\u2019s Liberation Army.<\/p>\n\n\n\n<p>The group spread<strong>&nbsp;altered news articles and memes<\/strong>&nbsp;targeting the Democratic Party on social media, notably on Facebook and Twitter. Its aim was to&nbsp;<strong>sow doubt in the American democratic system<\/strong>&nbsp;and encourage abstention, as well as to turn US allies against the United States. For example, one of the narratives points to the responsibility of the US government for the Nord Stream gas pipeline explosions. 
Despite&nbsp;<strong>nuanced tactics<\/strong>&nbsp;to boost credibility, such as impersonating Republican voters or even groups known for fighting Chinese intelligence like Intrusion Truth, the efforts have had limited success.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p><strong>Ukraine and Poland attacked by new &#8220;Prestige&#8221; ransomware<\/strong><br><em>Ukraine, Poland<\/em><\/p>\n\n\n\n<p>On October 10, Ukraine and Poland were hit by a novel ransomware group.&nbsp;<strong>The malware, dubbed \u201cPrestige\u201d, has been used against the two states\u2019 logistics and infrastructure sectors.<\/strong>&nbsp;The attackers first gained administrator access to numerous firms across the industry, then encrypted their files and demanded a ransom for decrypting them. The Microsoft Threat Intelligence Center, which first uncovered the attacks, could not attribute responsibility to any of the 94 known threat groups, and is referring to the new actor as&nbsp;<strong>DEV-0960<\/strong>. 
However, they point out that the victim list of Prestige shares some&nbsp;<strong>similarities with other Russia-linked ransomware families<\/strong>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Check out what happened in the cyberspace during the month of October!<\/p>\n","protected":false},"author":7,"featured_media":801,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-873","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-articles"],"_links":{"self":[{"href":"https:\/\/scpo-cybersecurityassociation.com\/index.php\/wp-json\/wp\/v2\/posts\/873","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/scpo-cybersecurityassociation.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/scpo-cybersecurityassociation.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/scpo-cybersecurityassociation.com\/index.php\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/scpo-cybersecurityassociation.com\/index.php\/wp-json\/wp\/v2\/comments?post=873"}],"version-history":[{"count":2,"href":"https:\/\/scpo-cybersecurityassociation.com\/index.php\/wp-json\/wp\/v2\/posts\/873\/revisions"}],"predecessor-version":[{"id":877,"href":"https:\/\/scpo-cybersecurityassociation.com\/index.php\/wp-json\/wp\/v2\/posts\/873\/revisions\/877"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/scpo-cybersecurityassociation.com\/index.php\/wp-json\/wp\/v2\/media\/801"}],"wp:attachment":[{"href":"https:\/\/scpo-cybersecurityassociation.com\/index.php\/wp-json\/wp\/v2\/media?parent=873"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/scpo-cybersecurityassociation.com\/index.php\/wp-json\/wp\/v2\/categories?post=873"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/scpo-cybersecurityassociation.com
\/index.php\/wp-json\/wp\/v2\/tags?post=873"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}